UK Parliament Emails Closed After 'Sustained And Determined' Cyber-Attack (theguardian.com)
An anonymous reader quotes the Guardian:
Parliament has been hit by a "sustained and determined" cyber-attack by hackers attempting to gain access to MPs' and their staffers' email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords... The estate's digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails...
The international trade secretary, Liam Fox, told ITV News the attack was a "warning to everyone we need more security and better passwords. You wouldn't leave your door open at night." In an interview with the BBC, he added: "We know that there are regular attacks by hackers attempting to get passwords. We have seen reports in the last few days of even Cabinet ministers' passwords being for sale online. We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails."
One member of Parliament posted on Twitter "Sorry, no parliamentary email access today - we're under cyber-attack from Kim Jong-un, Putin or a kid in his mom's basement or something." He added later, "I'm off to the pub."
Their system protects member accounts (Score:2)
So perhaps it isn't such a bad idea to use your home-brew email server after all.
Re: (Score:2)
Any government or big company should just hand out secure locked down devices for intranet only use (no web browsing, no USB, no nothing) with hardware VPN.
Small cost compared to the shit caused by even a low impact hack.
Re: (Score:1)
Hm... sooner or later someone will learn how to hack their way into intranet servers anyway, for example by emulating that device VPN. Intrusions are normal. The point is that if you allow diversity, it becomes unlikely that all servers are attacked simultaneously.
In addition, smaller data centers can afford smaller security teams, which implies better trust.
ya know, it could just be a false flag attack... (Score:1)
... convenient excuse to regulate the internet.... how jaded am I with my government ...
Re: (Score:2)
how jaded am I with my government ...
Not enough yet.
Re: ya know, it could just be a false flag attack. (Score:1)
Not at all - instead it's a great justification of why having unencrypted data sat on a server (or data encrypted in a way that that server knows how to decrypt) is a bad idea. This is exactly why end to end encryption is needed.
Re: (Score:2)
Why is it too bad? Cyber attack stopped, no one needs emails on the weekends anyway (politicians rarely work when they are supposed to in the first place), and it was time to clock out. Should he not be compensated for the work he did, and not get to spend it the way he wants?
Re: (Score:1)
Why is it too bad?
It's too bad if you are an EU citizen living in the UK . . . or a UK subject (the UK doesn't have citizens; it's not written into the constitution that they don't have).
Should he not be compensated for the work he did, and not get to spend it the way he wants?
The current government of the UK hasn't really done any work on planning for the Brexit, while the clock is already ticking on the exit date. The negotiations with the rest of the ornery EU members will be about as easy as negotiating The Treaty of Ghent (look it up, if you don't know what that means).
The EU tabled an offer to grant all UK c
Re: (Score:2)
I don't think the EU would be screwing British expats - that would make them lose the moral high ground. My best guess is, EU will allow them to get a second nationality easier than it is now.
Re: (Score:1)
You are a fucking retard! Check out the Magna Carta sometime, and realize the difference in law systems means UK civil rights are even more secure than the US constitution provides.
Re: "I'm off to the pub." (Score:1)
Aren't US legislators forbidden from admitting they drink alcohol, unless it's in a tearful confession after arrest or in rehab?
Better passwords? (Score:5, Interesting)
Wouldn't requiring two-factor auth be a better idea?
Re: (Score:2)
I have no idea why two-factor is not more common. All the stuff I have set up for personal use has it enabled but none of the corporate systems I use do (except for one that also needs a dongle). You know what I would like to see? A near field dongle-like key, something that can be embedded in a phone or keyring or ID card or something. There seems to be the belief that secure means more difficult and so many have opted for the less secure easier to access route. You can have exceptional security and easy a
passwords need to go (Score:2, Interesting)
Why can't the email for MPs use client side SSL certificates for authentication instead of passwords? This isn't really all that hard to do, just a little extra effort.
This password nonsense needs to end.
Re: (Score:2)
I don't understand the problem (Score:5, Insightful)
If they've got nothing to hide they've got nothing to fear...
In light of all the anti-privacy legislation that the UK government has been passing, I've got to wonder if somebody's making a point.
OMG! (Score:2)
a kid in his mom's basement or something
It's like I have a twin!
Re:OMG! (Score:4, Insightful)
What I want to know is why a British MP is using the American word "mom" in a communication instead of the British "mum".
Outrageous!
Given what's going on in the UK (Score:2)
notified by email (Score:3, Funny)
An email sent to all those affected,
What could possibly go wrong with this means of notification?
attack is such a loaded word (Score:2)
Wouldn't a 'security probe' or 'multiple failed logins' or something of that nature be more accurate? I've had enough of all these bad and misleading analogies. Is computer security really so hard? Just enforce secure passwords and multifactor authentication and take it seriously. Account lockout after 10 unsuccessful attempts etc. And don't use Microsoft software of any kind.
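
Added example, not part of the comment above or of the quoted article: the lockout rule the comment proposes (10 unsuccessful attempts), run over constructed login events. It goes one step beyond the comment by also counting distinct accounts failed per source, since one guess against each of many accounts never reaches a per-account threshold. The account names, addresses and the threshold of 5 are assumptions.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 10  # consecutive failures per account, the comment's figure
SPRAY_ACCOUNTS = 5      # assumed: distinct accounts failed from one source


def build_sample_log():
    """Constructed auth events as (user, source, ok). Not real data."""
    events = []
    # One source hammering a single account: 12 failures in a row.
    events += [("mp.alpha", "198.51.100.7", False)] * 12
    # One source making a single guess against six different accounts.
    events += [(f"staff{i}", "203.0.113.9", False) for i in range(6)]
    # A legitimate user mistyping twice, then logging in.
    events += [("mp.beta", "192.0.2.44", False)] * 2
    events += [("mp.beta", "192.0.2.44", True)]
    return events


def evaluate(events):
    """Return (locked accounts, spraying sources, attempts rejected by lockout)."""
    consecutive = defaultdict(int)  # user -> failures since last success
    targets = defaultdict(set)      # source -> accounts it failed against
    locked = set()
    rejected = 0
    for user, source, ok in events:
        if user in locked:
            rejected += 1           # lockout refuses the attempt outright
            continue
        if ok:
            consecutive[user] = 0   # a success resets the counter
            continue
        consecutive[user] += 1
        targets[source].add(user)
        if consecutive[user] >= LOCKOUT_THRESHOLD:
            locked.add(user)
    spraying = {s for s, users in targets.items() if len(users) >= SPRAY_ACCOUNTS}
    return locked, spraying, rejected


if __name__ == "__main__":
    locked, spraying, rejected = evaluate(build_sample_log())
    print("locked accounts:", sorted(locked))
    print("sources failing against many accounts:", sorted(spraying))
    print("attempts rejected while locked:", rejected)
```

The per-account rule locks only the hammered account; the source that tried six accounts once each is caught only by the per-source count.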